<?php
	include("HTML_top.php");
	
	$fail = false;
	if (isset($_POST['email']))
	{
		include("conn.php");
		connectToDB();
		
		$q = mysql_query("SELECT * FROM user WHERE email='".$_POST['email']."'");
		$q = mysql_fetch_array($q);
		
		if (!$q)
			$fail = true;
		else
		{
			if ($_POST['pin'] == $q['pin'])
			{
				$_SESSION['user'] = array("email" => $q['email'], "name" => $q['name'], "pin" => $q['pin']);
				echo '<script type="text/javascript">window.location="index.php";</script>';
			}
			else
				$fail = true;
		}
	}

	include("header.php");
?>

<h2>Login</h2>

<form action="login.php" method="post">

Email:<br/>
<input type="text" name="email" size="50" /><br/>
<br/>
PIN:<br/>
<input type="password" name="pin" size="50" /><br/>

<?php

if ($fail)
	echo '<br/><font style="color:red;">Invalid email/pin combination<br/>';

?>

<br/>
<input type="submit" value="Login" />

</form>

<?php
	include("footer.php");
	include("HTML_bottom.php");
?>
